It seems likely the fix is to move the connection.close into the finally block in eventlet.wsgi.HttpProtocol.finish
We should be able to test this by implementing the fix in a subclass since HttpProtocol is already over-ride-able in wsgi.server:
https://github.com/eventlet/eventlet/blob/fb067b63c705c5bc345047f545361a6fad53bbfc/eventlet/wsgi.py#L770
If we fix it in our code it's a) backportable but b) disclosing the security issue in eventlet
Does anyone know how to reach out to the eventlet team regarding some sort of shared disclosure?
It seems likely the fix is to move the connection.close into the finally block in eventlet. wsgi.HttpProtoc ol.finish
We should be able to test this by implementing the fix in a subclass since HttpProtocol is already over-ride-able in wsgi.server:
https:/ /github. com/eventlet/ eventlet/ blob/fb067b63c7 05c5bc345047f54 5361a6fad53bbfc /eventlet/ wsgi.py# L770
If we fix it in our code it's a) backportable but b) disclosing the security issue in eventlet
Does anyone know how to reach out to the eventlet team regarding some sort of shared disclosure?